S/MIME messages often contain a certificate (some messages contain more than one certificate). These certificates assist in authenticating the sender of the message and can be used for encrypting messages that will be sent in reply. In order for the S/MIME receiver to authenticate that a message is from the sender identified in the message, the receiver’s Mail User Agent (MUA) must validate that this certificate is associated with the purported sender. Currently, the MUA must trust a trust anchor upon which the sender’s certificate is rooted and must successfully validate the certificate. There are other requirements on the MUA, such as associating the identity in the certificate with that of the message, that are out of scope for this document.

The SMIMEA record has the following look on your DNS zone management page:

How to create a DNS SMIMEA record?

  • Log in to your 5centsCDN control panel.
  • Go to SimpleDNS and click the Manage button for your domain.
  • Click the green plus button to create a new DNS record. The values are explained below.
    • Type: SMIMEA
    • TTL: 1 hour
    • Host: www (This hostname is used as an example)
    • Usage: (From 0 to 3) It specifies the provided association that will be used to match the certificate presented in the TLS handshake.
    • Selector: (From 0 to 1) It specifies which part of the TLS certificate presented by the server will be matched against the association data.
    • Matching-type: (From 0 to 2) It specifies how the certificate association is presented.
    • Certificate: Specifies the “certificate association data” to be matched.
  • Click the ADD button.
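
The following Python sketch is an added example, not 5centsCDN code. It shows how the Selector and Matching-type values determine what goes into the Certificate field, and how a receiver can check a certificate against the published data. The sample byte strings are constructed stand-ins for real DER encodings, and the owner-name rule (hashed local-part under `_smimecert`) comes from RFC 8162 and goes beyond the `www` example host used above.

```python
import hashlib

# Matching-type: 0 = data as-is, 1 = SHA-256 digest, 2 = SHA-512 digest
DIGESTS = {
    0: lambda b: b,
    1: lambda b: hashlib.sha256(b).digest(),
    2: lambda b: hashlib.sha512(b).digest(),
}

# Constructed stand-in bytes, not real DER; use the real encodings in practice.
SAMPLE_CERT_DER = b"constructed-certificate-der"
SAMPLE_SPKI_DER = b"constructed-subject-public-key-info"

def smimea_owner(local_part, domain):
    """RFC 8162 owner name: hex of SHA-256(local-part) cut to 28 octets."""
    label = hashlib.sha256(local_part.encode("utf-8")).digest()[:28].hex()
    return f"{label}._smimecert.{domain.rstrip('.')}."

def association_data(selector, mtype, cert_der, spki_der):
    """Pick the bytes named by Selector, then encode them per Matching-type."""
    if selector not in (0, 1):
        raise ValueError("selector must be 0 (certificate) or 1 (public key)")
    if mtype not in DIGESTS:
        raise ValueError("matching-type must be 0, 1 or 2")
    return DIGESTS[mtype](cert_der if selector == 0 else spki_der)

def smimea_rdata(usage, selector, mtype, cert_der, spki_der):
    """Return 'usage selector matching-type hexdata' for the record form."""
    if usage not in (0, 1, 2, 3):
        raise ValueError("usage must be 0 to 3")
    data = association_data(selector, mtype, cert_der, spki_der)
    return f"{usage} {selector} {mtype} {data.hex()}"

def matches(rdata, cert_der, spki_der):
    """Check a received certificate against a published record's data.
    Usage semantics (which certificate in the chain) are not evaluated here."""
    _usage, selector, mtype, hexdata = rdata.split(None, 3)
    published = bytes.fromhex("".join(hexdata.split()))
    return published == association_data(int(selector), int(mtype), cert_der, spki_der)

if __name__ == "__main__":
    print(smimea_owner("alice", "example.com"), "IN SMIMEA",
          smimea_rdata(3, 0, 1, SAMPLE_CERT_DER, SAMPLE_SPKI_DER))
```

With Matching-type 1 or 2 the Certificate field holds only a digest, so the record stays small; with 0 it carries the full selected data in hex.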